CIS 310 Chapter 4

The flashcards below were created by user MCDUQUE on FreezingBlue Flashcards.

  1. Ethics
    The principles and standards that guide our behavior toward other people / what people expect from you
  2. Information ethics
    Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
  3. Business issues related to information ethics
    • Intellectual property – creative world embedded
    • Copyright – legal protection for an idea
    • Pirated software – illegally using software via distribution, resale, or usage
    • Counterfeit software – software that looks like the original but is not, and is then sold
  4. Privacy
    The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent (e.g. BCC email)
  5. Confidentiality
    The assurance that messages and information are available only to those who are authorized to view them
  6. Individuals form the only ethical component of MIS
    • Individuals copy, use, and distribute software
    • Search organizational databases for sensitive and personal information
    • Individuals create and spread viruses
    • Individuals hack into computer systems to steal information
    • Employees destroy and steal information
  7. Information does not care how it is used, it will not stop itself from sending spam, viruses, or highly-sensitive information. Tools to prevent information misuse?
    • Focus is on people
    • Information management - defines what type of info, value and use we have and how it will be distributed
    • Information governance -
    • Information compliance
    • Ediscovery
  8. moral
    personal character
  9. ethics
    - social system where you apply your morals - code of behavior people anticipate
  10. Unacceptable use of information?
    hacking, sending viruses, stealing or damaging information
  11. Information governance
    system for governing information
  12. Information compliance
    collecting and yielding information
  13. Ediscovery
    process of searching, finding, filtering information
  14. HIPAA - Health Insurance Protection Act
    - secures patient information and medical information
  15. Epolicies typically include:
    • Ethical computer use policy
    • Information privacy policy
    • Acceptable use policy
    • Email privacy policy
    • Social media policy
    • Workplace monitoring policy
  16. Ethical computer use policy
    Contains general principles to guide computer user behavior

    The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

    ex. employees cannot play games during work hours
  17. unethical use of information typically occurs?
    “unintentionally” when it is used for new purposes

    ex. social security numbers > using it as your identity
  18. Information privacy policy
    Contains general principles regarding information privacy
  19. Acceptable use policy (AUP)
    Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
  20. Nonrepudiation
    A contractual stipulation to ensure that ebusiness participants do not deny their online actions
  21. Internet use policy
    Contains general principles to guide the proper use of the Internet
  22. How can organizations mitigate the risks of email and instant messaging communication tools?
    implementing and adhering to an email privacy policy
  23. Email privacy policy
    Details the extent to which email messages may be read by others
  24. Why is email not safe?
    email is stored on the sender's computer, the sender's provider, the recipient's provider and the recipient's computer

    > all of the above have access to it
  25. Spam
    Unsolicited email > disguise email address, opt out,
  26. Anti-spam policy
    Simply states that email users will not send unsolicited emails (or spam)
  27. Social media policy
    Outlines the corporate guidelines or principles governing employee online communications

    Need several policies

  28. Information technology monitoring
    Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
  29. Employee monitoring policy
    Explicitly states how, when, and where the company monitors its employees
  30. Common monitoring technologies include:
    • Key logger or key trapper software - records keystrokes and clicks
    • Hardware key logger - records keystrokes and clicks
    • Cookie - records all website activities
    • Adware - generates ads by itself
    • Spyware - attached to downloads; mines information and slows down the system
    • Web log - line of info about website visitors
    • Clickstream - stores website activities: pages visited, how long,
  31. Information security
    The protection of information from accidental or intentional misuse by persons inside or outside an organization
  32. Downtime
    Refers to a period of time when a system is unavailable

    < company wants to max uptime and min downtime >

    Downtime can cost an organization anywhere from $100 to $1 million per hour
  33. Cost of downtime?
    • Financial Performance
    • Revenue
    • Damage Reputation
    • Other Expenses

    Know the cost... per hour, day week?
  34. Hacker
    Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
  35. White-hat hacker
    expert in technology who gets access to a system with the owner's knowledge and finds weak points
  36. Black-hat hacker
    steal info
  37. Cracker
    criminal intent
  38. Cyberterrorist
    stealing critical and sensitive information
  39. Hacktivist
    political reasons
  40. Script kiddies or script bunnies
    hacking codes over the net
  41. Virus
    Software written with malicious intent to cause annoyance or damage. Always attached to a file
  42. Backdoor program virus
    spreads into a network for a future attack
  43. Denial-of-service attack (DoS)
    many requests from one person overload the system
  44. Distributed denial-of-service attack (DDoS)
    many users' requests at one time cause the system to crash
  45. Polymorphic virus
    changes attributes
  46. Trojan-horse virus
    disguises itself as a file that comes with a download
  47. Worm
    does not have to be attached to anything and starts to spread itself
  48. Security threats to ebusiness include:
    • Elevation of privilege
    • Hoaxes - send hoax with attached virus
    • Malicious code - spyware, adware
    • Packet tampering - change content of data packets
    • Sniffer - observe all data
    • Spoofing - email that looks and feels like it came from someone you know
    • Splogs - fake blogs
    • Spyware -
  49. Organizations must enable employees, customers, and partners to access information electronically

    The biggest issue surrounding information security is not a technical issue, but a people issue?
    • Insiders - people working in the company who steal information
    • Social engineering - using social skills to get information from you
    • Dumpster diving - people who search your trash
  50. The first line of defense an organization should follow to help combat insider issues is to?
    develop information security policies and an information security plan
  51. Information security policies
    change passwords every three months
  52. Information security plan
    how many characters the password needs to be
  53. There are three primary information technology security areas
    1. People: Authentication and authorization
    2. Data: Prevention and resistance
    3. Attack: Detection and response
  54. Identity theft
    The forging of someone’s identity for the purpose of fraud
  55. 2 ways for identity theft to occur?
    1. Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email

    2. Pharming – Reroutes requests for legitimate websites to false websites
  56. Authentication
    A method for confirming users’ identities
  57. Authorization
    The process of giving someone permission to do or have something
  58. The most secure type of authentication involves
    1. Something the user knows
    2. Something the user has
    3. Something that is part of the user
  59. Passwords and usernames are.....
    the most ineffective way of authentication
  60. most common way to identify individual users and typically contains
    user ID and a password

    This is also the most ineffective form of authentication

    Over 50 percent of help-desk calls are password related
  61. Smartcard
    A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
  62. Tokens
    Small electronic devices that change user passwords automatically
  63. Biometrics
    The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

    Unfortunately, this method can be costly and intrusive
  64. Technologies available to help prevent and build resistance to attacks include?
    1. Content filtering
    2. Encryption
    3. Firewalls
  65. Content filtering
    Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading
  66. If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
    • Encryption - scrambles info and changes how it looks (changes, adds, or alters the look of characters)
    • Public key encryption (PKE) - key provided to all users, used to encrypt the message; private key to decrypt the message (one person has the private key)
    • Certificate authority - identifies users by looking at their digital certificate
    • Digital certificate - has all the user's information
  67. One of the most common defenses for preventing a security breach is?
  68. Firewall
    Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

    stands between the internet and the server
  69. If prevention and resistance strategies fail and there is a security breach?
    organization can use detection and response technologies to mitigate the damage
  70. Intrusion detection software
    Features full-time monitoring tools that search for patterns in network traffic to identify intruders
2013-05-02 00:26:01